Desktop Application Penetration Test

During a desktop application penetration test, we look for flaws that could compromise the security of the endpoint as well as the servers the application communicates with. We have experience with Windows, Linux, and macOS platforms.

Benefits

Desktop applications (sometimes called thick clients) still play a key role in organizations. These are typically systems such as ERP, CRM, accounting applications, document management, and recordkeeping systems.

Unfortunately, the security of these applications is often completely inadequate. Many of them were architected decades ago, so it is not uncommon to encounter access control enforced only on the client side, direct access to the database server through a shared technical (service) account, unencrypted communication protocols, completely non-functional authentication mechanisms (typically around SSO), and the like. These shortcomings are found not only in internally developed platforms but also in commercially available software.

In a web application, critical flaws like these would be caught by a routine penetration test, but the methodology for testing desktop applications is generally far less mature. Because desktop applications rely on proprietary components and protocols (unlike open platforms such as the web), reverse engineering is key to assessing their security.

We recommend performing a penetration test on a desktop application for at least all applications where an equivalent web or mobile application would be tested.

Testing Process

We are able to test applications for Windows, Linux, and macOS.

The prerequisite for testing is standard (user) access to an instance of the desktop application. This includes providing the client application itself and network access to the servers it communicates with. Being able to reverse engineer the client application (either locally or using tools installed on the provided operating system) is key to the quality of the results.

The following tests, among others, are performed under these conditions:

  • Analysis of the communication protocol used (e.g. WCF, SOAP, or a direct database connection), with a special focus on vulnerabilities arising from deserialization of untrusted data.

  • Validation of authentication procedures, particularly when implementing SSO.

  • Review of access-control methods and how they can be circumvented.

  • Searching for hardcoded encryption keys, access tokens, and other secrets in the client application.

  • Examining server-side handling of user input for possible injection attacks.

  • Testing client application components that run with elevated privileges, with a focus on local privilege escalation vulnerabilities.

  • Analysis of the server-side implementation, if available.
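The search for hardcoded secrets described above (and the shared database technical account mentioned earlier) usually starts from the printable strings extracted from the client binary or its configuration files. The following is an added example, not part of this page or of any tool the company uses, of a small triage script that flags connection-string passwords, token or key assignments, embedded private keys and long high-entropy strings in such a dump. The sample input, the pattern list and the entropy threshold are all assumptions constructed for the illustration.

```python
import math
import re

# Constructed sample: printable strings of the kind one would extract from a
# thick-client binary or its config files (e.g. with `strings` or a resource
# dump). Every value below is made up for this example.
SAMPLE_STRINGS = [
    "Server=db01;Database=ERP;User Id=erp_app;Password=Sup3rSecretDbPwd!;",
    "Settings saved successfully",
    "api_token=9f8b2c4d1e7a6b3c0d5e4f2a1b9c8d7e",
    "LICENSE_KEY",
    "-----BEGIN RSA PRIVATE KEY-----",
    "Microsoft.Practices.EnterpriseLibrary",
    "AES_KEY=bK3jPq9XsLm2Tn8VzRy4Wd6Fg1Hh0JcA",
    "dGhpcyBpcyBhIHRlc3Qga2V5IHZhbHVl",
    "OK",
]

# Signature checks: cheap, precise, and the first thing a reviewer looks for.
# The list is an assumption; extend it with the naming conventions of the
# application under review.
SECRET_PATTERNS = [
    ("connection string password",
     re.compile(r"(?i)password\s*=\s*([^;\s]+)")),
    ("token/key assignment",
     re.compile(r"(?i)\b(api[_-]?token|api[_-]?key|secret|aes[_-]?key)"
                r"\s*=\s*([A-Za-z0-9+/=_-]{16,})")),
    ("PEM private key",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or constant string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_secrets(strings, entropy_threshold=3.5, min_len=20):
    """Return (label, line) pairs for lines that look like embedded secrets.

    Signature patterns win first; otherwise any space-free token of at least
    min_len characters whose entropy reaches the threshold is reported. The
    entropy heuristic is deliberately noisy (GUIDs, hashes and base64 resources
    trigger it too), so every hit still needs a human look.
    """
    findings = []
    token_re = re.compile(r"[A-Za-z0-9+/=_-]{%d,}" % min_len)
    for line in strings:
        labelled = next((label for label, pat in SECRET_PATTERNS
                         if pat.search(line)), None)
        if labelled:
            findings.append((labelled, line))
            continue
        for tok in token_re.findall(line):
            if shannon_entropy(tok) >= entropy_threshold:
                findings.append(("high-entropy string", line))
                break
    return findings


if __name__ == "__main__":
    for label, line in find_secrets(SAMPLE_STRINGS):
        print(f"[{label}] {line}")
```

On the constructed input the script reports five lines: the connection string with its embedded password, the two token/key assignments, the PEM header, and the unlabelled base64-looking string; ordinary UI text and .NET namespace names fall below the entropy threshold. Each hit is a candidate for the client-side secret review, and in the case of a database password it is also direct evidence of the shared technical account pattern.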

Other Types of Tests

A desktop application is often part of a larger system. It may therefore be appropriate to simultaneously test related web applications, mobile applications, and APIs.

We also offer a wide range of other penetration testing services; see Penetration Testing – Overview.

Final Report

The results of the penetration test are documented in a final report, which contains details of the testing process, a description and classification of all the vulnerabilities found, and recommendations for mitigating the risks. We deliver the report securely in MS Word and PDF formats. The results can also be presented in a management presentation or a technical workshop.

Sample report

Example output showcasing the quality of our work.
Any questions?

If you are interested in more details, please contact us.

Ask by e-mail

Tel: +420-226-523-026